From: Alan <nuh-uh@nope.com>
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.apps
Subject: Re: Orphaned CodoPods are found in Apple software
Date: Mon, 8 Jul 2024 17:32:11 -0700
Organization: A noiseless patient Spider
Message-ID: <v6i0eb$131tb$2@dont-email.me>
In-Reply-To: <v6hjtm$1ind6$1@news.samoylyk.net>

On 2024-07-08 13:58, Wolf Greenblatt wrote:
> On Mon, 8 Jul 2024 08:06:48 -0000 (UTC), Chris wrote:
>
>>> Probably very true. All I know is researchers found a flaw in millions of
>>> mac/iOS apps and Apple didn't find that same flaw even after a decade.
>>
>> The point that's being missed is that no-one else spotted it either.
>> Despite existing for so long it was never exploited.
>
> Three million iOS/macOS apps were vulnerable for a decade, and Apple didn't
> even care to think about backing up their own claims of safety & security.

Ummmm...

...no.

1. You need to show that "three million" iOS/macOS apps actually USED CocoaPods.

2. You need to show how many of those made use of the "Pods" that had been orphaned.

>
>> This was specifically an error on the side of the people managing the
>> CocoaPods library. They should not have left orphan accounts open
>> indefinitely.
>
> It's worse than that because ANYONE (yes, even you and me) could have
> injected code into those apps for a decade without Apple caring about it.

Nope. You couldn't inject code into any app that didn't use one of the orphaned "Pods".

>
>>
>>> Shouldn't Apple care that millions of mac/iOS apps are vulnerable?
>>
>> *were* vulnerable. It was fixed last year. It has only been reported
>> recently for obvious reasons.
>
> It was fixed but Apple didn't even know about it until someone told them
> that anyone (yes, even you and me) could have injected code into any of
> three million macOS/iOS apps for over a decade because Apple didn't care.

Still stuck on repeating things you know you can't know are true.

Normal, sane people call that "lying".